gfwleak/tango-tfe
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修改pinning判断条件

Browse Source
This commit is contained in:
崔一鸣
2019-06-28 12:05:47 +06:00
parent 65e0ac29d5
commit 53f537397f
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
platform/src/ssl_stream.cpp
View File

@@ -1163,9 +1163,13 @@ void ssl_stream_process_error(struct ssl_stream * s_stream, unsigned long sslerr
{
case CONN_DIR_DOWNSTREAM:
s_upstream= &(s_stream->peer->up_parts);
if(sslerr==SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN &&
s_upstream->is_server_cert_verify_passed &&
s_upstream->verify_result.is_hostmatched)
if( (sslerr==SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN ||
sslerr==SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ||
sslerr==SSL_R_TLSV1_ALERT_UNKNOWN_CA ||
sslerr==SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE ||
sslerr==SSL_R_UNKNOWN_CERTIFICATE_TYPE ||)
&& s_upstream->is_server_cert_verify_passed
&& s_upstream->verify_result.is_hostmatched)
{
s_upstream->svc_status.pinning_status=PINNING_ST_PINNING;
ssl_stream_set_cmsg_integer(s_stream, TFE_CMSG_SSL_PINNING_STATE, PINNING_ST_PINNING);